Are there specific requirements for the validity of an electronic signature?

Technology

Malta

The Electronic Commerce Act, Chapter 426 of the Laws of Malta, (the ‘E-Commerce’) deals with the validity of electronic transactions in the internal market and has recently been amended to ensure the implementation of the Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the ‘eIDAS Regulation’). The eIDAS Regulation speaks of electronic signatures, described as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign and classifies them into qualified electronic signatures (which is an advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures) and advanced electronic signatures.

The eIDAS Regulation provides that advanced electronic signatures must be uniquely linked to the signatory, capable of identifying the signatory, created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her exclusive control and is linked to the data signed therewith, in such a manner that any subsequent change of data is detectable.

Norway

Act no. 81 of 15 June 2001 on Electronic Signatures (the E-signatures Act) Section 3 no. 1 defines an electronic signature as data in electronic form which are attached to or logically associated with other electronic data and which serves as a method of authentication.

The Act differentiates between different types of electronic signatures. The most commonly used form of electronic signature within Norway is the advanced electronic signature, which requires that the electronic signature be:

Uniquely linked to the signatory;

capable of identifying the signatory;

created using means that the signatory can maintain under his sole control; and

linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

A qualified electronic signature is an advanced electronic signature that is based on a qualified certificate and produced by an approved secure signature creation system, cf. the Act Section 4. Providers of qualified electronic signatures and certificates are subject to requirements in the Act Chapter III and the Regulation on the Requirements of Qualified Certificates of 15 June 2001 no. 611, as well as the supervision of Nkom.

Where law, regulation or other instruments prescribes that a signature is a requirement necessary to obtain a specific legal effect, and such act can be conducted electronically, a qualified electronic signature shall always be deemed to fulfil such a requirement, cf. the Act Section 6. Furthermore, an electronic signature that is not qualified may also fulfil such requirement.

Digital signatures are the most commonly used form of electronic signatures. A digital signature must be linked between a physical person and the electronic data, and requires an electronic certificate consisting of information of the signatory (the private key) and a public key, in which the latter is linked to a certificate that confirms the signatory’s identity to other parties. The Act prescribes that the private key must be under the certificate holder’s control, for instance as a plastic card or a data chip (smartcard).

Turkey

Yes. Turkey has an Electronic Signature Law w. no 5070. Pursuant to the Law, only those electronic signatures which are obtained from licensed Electronic Certificate Service Providers are valid.

Electronic signatures shall have the following requirements;

exclusively linked to the signature owner,

generated with a secure electronic signature creation device which is maintained under the sole control of the signature owner,

enables the identification of the signature owner based on a qualified electronic certificate,

enables to detect whether signed electronic data has been changed or not.

Foreign Electronic Certificates: The legal effects of electronic certificates issued by any Electronic Certificate Service Provider established in a foreign country shall be recognized under international agreements. In case that electronic certificates issued by any Electronic Certificate Service Provider established in a foreign country are recognized by an Electronic Certificate Service Provider established in Turkey, such electronic certificates are deemed to be Qualified Electronic Certificates.

China

Pursuant to the Electronic Signature Law, ‘electronic signature’ refers to the data in electronic form contained in and attached to a data message, for the use of identifying the identity of the signatory and showing that the signatory has recognized the content of the data massage. A reliable electronic signature has equal legal force with a hand-written signature or a seal. When an electronic signature concurrently meets the following conditions, it is reliable.

When the creation data of the electronic signature is used for the electronic signature, it is exclusively owned by the electronic signatory.

When the electronic signature is entered, the creation data is controlled solely by the electronic signatory.

After the electronic signature is entered, any alteration to the electronic signature is detectable.

After the electronic signature is entered, any alteration to the content and the form of the data massage is detectable.

Mexico

Electronic signatures in Mexico shall mean, in accordance with the Code of Commerce (Código de Comercio), the electronic data contained in a data message, or attached or logically associated thereto by any technology, which is used to identify the signatory in relation to the data message and to indicate that the signatory approves the information contained in the data message, and produces the same legal effects as the written signature, being admissible as evidence in court

In this sense, written signatures can be replaced by a data message with electronic signature if the following conditions are met: (a) integrity of the information; (b) accessibility for further consultations; and (c) attributability to the parties.

However, the Code of Commerce distinguishes (a) “simple” electronic signatures, and (b) “advanced” electronic signatures. The Code of Commerce provides that if the followings requirements are met (in addition to the ones mentioned before), electronic signatures are to be considered “advanced” electronic signatures: (i) the creation data of the electronic signature, within the context in which they are used, relates exclusively to the signatory, (ii) the creation data of the electronic signature is, at the moment of the execution, under the sole control of the signatory; (iii) it is possible to detect any alteration to the electronic signature after the execution date; and (iv) it is possible to detect any alteration to the integrity of the data message after the signing.

United Kingdom

EU Regulation 910/2014 ("Electronic Identification Regulation"), which has direct effect in the UK, sets out the validity requirements for electronic signatures. Under the Electronic Identification Regulation, a 'qualified electronic signature' has the same effect as a handwritten signature (Article 25(2)) as long as it was created by a qualified electronic signature device and based on a qualified certificate for electronic signatures (Article 3(12)).

The validity requirements for a qualified electronic signature are set out in Article 26 and Annexes I and II of the Electronic Identification Regulation and include the following: the signature must be uniquely linked to the signatory (Article 26(a)), the qualified electronic signature creation device must have appropriate technical and procedural measures to ensure that the confidentiality of the signature is assured (Paragraph 1(a), Annex II) and the qualified certificate for electronic signatures must clearly indicate the name or pseudonym of the signatory (Paragraph (d), Annex I).

Romania

Article 4 of Law no. 455/2001 on electronic signature (implementing the eIDAS Regulation), defines the electronic signature (e-signature) and the extended e-signature. The latter is the equivalent of the advanced e-signature in eIDAS Regulation and it must fulfill four conditions in order to be valid:

it is uniquely linked to the signatory;

it ensures the identification of the signatory;

it is created using electronic signature creation data that the signatory can use under his sole control;

it is linked to the data signed therewith in such a way that any subsequent change in the data is identifiable.

Under Article 5 of the said law, an extended e-signature ensures the validity of an electronic document if it is based on a qualified certificate and generated by a secure signature creation device. Simultaneously, Article 6 recognizes the validity of an electronic document if e-signatures were used. Moreover, in the instance where one of the parties does not recognize the e-signature, the court must have it verified by an expert.

Italy

Yes, there are. A simple electronic signature is not automatically equivalent to hand-written signature, as the probative value of a digital document signed using a simple electronic signature – as well as its aptitude to meet the written form requirement - can be freely evaluated by the judge in the context of a trial, taking into account its objective characteristics of quality, security, integrity and non-modifiability. On the contrary, the “advanced electronic signature”, the “qualified electronic signature” and the “digital signature”, which must fulfil stricter requirements imposes by the law, have the same legal value as a hand-written signature. Furthermore, in cases where the law provides for the requirement that a contract shall be entered into in writing, using an advanced electronic signature (except for a few cases, concerning contracts regarding real estate) or an electronic qualified signature or a digital signature to sign a document meets such requirement. Both the advanced electronic signature and the digital signature shall comply with specific technical requirements. Furthermore, the advanced electronic signature can be used only for contractual relationships between the issuer of the signature tool and the signatory, provided that specific conditions provided for by the law have been complied with by the issuer of the signature tool (e.g. the issuer of the signature tool shall obtain an insurance cover for possible damages caused to the signatories or third parties).

The Netherlands

As a rule, Dutch law does not require agreements to be in written form, or to be signed. Generally, agreements can be entered into 'form-free' (exceptions apply for example to certain real estate agreements and share transactions). In principle, there is no distinction in validity or enforceability between handwritten ('wet') signatures and electronic signatures.

EU Regulation 910/2014 ("Electronic Identification Regulation"), which has direct effect in the Netherlands, sets out the validity requirements for electronic signatures. Under the Electronic Identification Regulation, a 'qualified electronic signature' has the same effect as a handwritten signature (Article 25(2)) as long as it was created by a qualified electronic signature device and based on a qualified certificate for electronic signatures (Article 3(12)). The validity requirements for a qualified electronic signature are set out in Article 26 and Annexes I and II of the Electronic Identification Regulation and include the following: the signature must be uniquely linked to the signatory (Article 26(a)), the qualified electronic signature creation device must have appropriate technical and procedural measures to ensure that the confidentiality of the signature is assured (Paragraph 1(a), Annex II) and the qualified certificate for electronic signatures must clearly indicate the name or pseudonym of the signatory (Paragraph (d), Annex I).

Brazil

No. Employees, assets or contracts have to always to be formally assigned or transferred to a third party (e.g. an IT service provider) if necessary, as Brazilian laws does not provide for any automatic transfer in the event of outsourcing of IT services. Please note, however, that depending on how the relationship is managed, there may be a risk of an employment relationship between the IT service provider and the client housing the employees.

Indonesia

Under the ITE Law, as amended and GR 82/2012, the following are the minimum validity requirements for an electronic signature:

the data creation of the electronic signature is relevant to the signatory;

the data creation of the electronic signature during the signing is only within the possession of the signatory;

all changes to the electronic signature that occur after signing can be known;

all changes to electronic information related to the electronic signature after signing can be known;

there are certain methods used to identify the signatory; and

there are certain methods to show that the signatory has given consent for the relevant electronic information.

India

An electronic signature as per the IT Act authenticates an electronic record of a subscriber by following the procedure specified in IT Act. The 2008 Amendment to the IT Act replaced the word “digital” with the word “electronic” in several provisions of the IT Act. The scope of electronic signature is wider in nature; since a digital signature is one of the types of electronic signature. The IT Act also specifies the conditions to be satisfied for an electronic signature to be accepted as authentic and reliable, which are as follows: (i) the signature creation data or the authentication data are linked to the signatory and to no other person; (ii) the signature creation data was, at the time of signing, under the control of the signatory and of no other person; (iii) any alteration to the electronic signature made after affixing such signature is detectable; and (iv) any alteration to the information made after its authentication by electronic signature is detectable. Another proof of authentication of electronic and digital signatures, respectively, is obtaining of Electronic Signature Certificate and Digital Signature Certificate from the relevant authority under the IT Act. The Ministry of Electronics and Information Technology has also prescribed additional procedure for authentication of electronic records by electronic signature under the Electronic Signature or Electronic Authentication of Technique and Procedure Rules, 2015 (specifically relating to Aadhaar e-KYC services) and Digital Signature (End Entity) Rules, 2015 (for digital and xml signatures). The Indian Evidence Act, 1872 recognises electronic documents signed with a secured electronic signature, but where the electronic signature is not secure, the authenticity of the signature needs to be proved.

Israel

The Electronic Signature Law, 5761-2001, specifies the requirements for the validity of electronic signatures on documents that require, by Israeli law, a signature. Such requirements include, among others, the use of specific authentication software and a specific electronic certificate authenticating the identity of signor. Such law does not relate to electronic signatures that are used for purposes that do not require signatures by law, which validity shall continue to be subject to general laws and case law applicable to the validity of signatures.

Singapore

Yes. Electronic signatures have to fulfil the requirements under Section 8 of the Electronic Transactions Act (Chapter 88) in order for it to be valid. Essentially, there must be a method used to identify the person and indicate his intention in respect of the information contained in the electronic record. Furthermore, the method used must either be as reliable as appropriate for the purposes for which the electronic record was generated or communicated; or proven in fact, by itself or together with further evidence, to have fulfilled the above functions of identification and indication of intention.

France

According to the Civil Code provisions that implement EU legislation governing this matter (lastly, EU regulation 910/2014 of 23 July 2014), an electronic signature is considered as a ‘signature,’ that is, as effectively identifying the author of an act and showing his consent, only when it results from a reliable identification process that guarantees its link with the act. The process is deemed to be reliable when it fulfills certain requirements that are set out in regulations. Such requirements include the use of a certificate that must be delivered to the signature holder in person, as well as other requirements that are seldom fully satisfied.

As a consequence, so called ‘electronic signatures’ in use on the market may most often not be considered as ‘electronic signatures’ under the law. This means that they may not be legally deemed to be reliable and identify their users: when challenged before the courts, their users will have to demonstrate their probatory value.

By way of consequence an electronic document, which should in principle have the same evidentiary value as a document on paper provided its author can be properly identified, will hardly meet this identification criterion since this requires an electronic signature. Therefore, where a writing is required as evidence and is issued in an electronic format, the lack of a lawful electronic signature will place the document at a lower rank than a document on paper.

Germany

German requirements on electronic signatures are laid down in the Regulation on Electronic Identification and Trust Services (eIDAS) which replaced the German Signature Act (SigG) only recently in July 2017. The new regulation contains binding European-wide rules in the areas of electronic identification and electronic trust services. The eIDAS Regulation introduced the so called “electronic seals”. Technically, these are similar to the electronic signatures. The main difference is the assignment to a legal rather than a natural person. While electronic signatures can be used to sign a declaration of intent, the electronic seal of an institution serves as proof of origin: It can be used wherever a personal signature is not necessary, but proof of authenticity is desired, e.g. in the case of official decisions, certificates and account statements.

For the validity of electronic signatures in general (for example in e-mails or PDF documents), there are no specific requirements. However, for legal acts which require written form according to section 126 German Civil Code (BGB) , this form requirement can (where not excluded in the law) only be replaced by a qualified electronic signature. A qualified electronic signature is only given in cases where an certified identification unit was used when creating the signature (which is rarely the case). Electronic documents only have the same value of proof as documents which were signed by hand if a qualified electronic signature is used in the document (section 371a German Code of Civil Procedure .

Switzerland

The Code of Obligations sets out the principles governing e-signatures and refers to the Electronic Signatures Act of 18 March 2016, as amended (ESA), for the technical details, which in turn refers to its respective ordinance. An electronic signature is defined as electronic data which is joined or linked logically to other electronic data and which serves to verify such other data. The ESA distinguishes three levels of e-signatures: regular e-signatures, advanced e-signatures and authenticated e-signatures. The authenticated e-signature is deemed equivalent to a handwritten signature and can only be obtained from a recognised authority. A list of all such authorities in Switzerland is available on the competent federal authority’s website. Authenticated e-signatures are treated like handwritten signatures. Therefore, e-signatures cannot be used where the law sets out additional formal requirements, for example, in the case of a will (which must be handwritten in its entirety) or real estate deals (requiring a public deed). Additionally, authenticated e-signatures are only available for natural persons, not for legal entities.

Ecuador

Under the Ecuadorian legislation, an electronic signature is the set of data in electronic form, attached to or logically associated with, a data message, and that can be used to identify the signatory in relation to the data message and to indicate the signatory’s approval and recognition of the information contained in the message. An electronic signature has the same validity and legal effects of a handwritten signature in relation to the data contained in written documents, and it is admissible as evidence in court.

To obtain an electronic signature valid in Ecuador, it is necessary to obtain the certificate of the electronic signature, which certifies the link of the signature with a particular person, through a verification process that confirms the identity.

The electronic signature is obtained through information certification bodies that are one-person businesses or legal persons that issue the electronic signature certificates, and that can provide other services related to electronic signatures. Said bodies must have an authorization by the ARCOTEL.